Never Expose Passwords in Selenium Again | Hide Sensitive Data in Test Automation

  Рет қаралды 1,549

Naveen AutomationLabs

Naveen AutomationLabs

Күн бұрын

Пікірлер: 15
@sugyanpatnaik2098
@sugyanpatnaik2098 6 сағат бұрын
Thanks Naveen Sir for explaining the Password Masking.
@mohamedsulaimaansheriff9787
@mohamedsulaimaansheriff9787 5 сағат бұрын
Usually secrets should be from pipeline run it should not be hard-coded in code
@technicalthings3741
@technicalthings3741 5 сағат бұрын
@@mohamedsulaimaansheriff9787 how.can you explain in detail
@naveenautomationlabs
@naveenautomationlabs 4 сағат бұрын
@@technicalthings3741 In CI/CD Pipelines: Jenkins: Use Jenkins Credentials Manager GitHub Actions: Use GitHub Secrets GitLab CI: Use GitLab CI/CD Variables Azure DevOps: Use Variable Groups/Library For Local Development: Environment Variables Local .env files (added to .gitignore) Local secure credential stores
@namaratasharma5417
@namaratasharma5417 5 сағат бұрын
Let's say we store key as well encrypted password in properties file, but that can again be easily decrypted by anyone ..right?
@technicalthings3741
@technicalthings3741 5 сағат бұрын
You are correct. I was also thinking the same 😅
@naveenautomationlabs
@naveenautomationlabs 5 сағат бұрын
you can store secret key as environment variables or key manager on the test execution machine or on you local machine. No need to expose it in your prop file. Best approach is always to maintain keys and password/tokens as environment variables.
@geethami1186
@geethami1186 5 сағат бұрын
True sir, but it’s very easy to decrypt and see the password as method is available.How can we hide decryption logic?
@naveenautomationlabs
@naveenautomationlabs 4 сағат бұрын
I'll say yes its possible. Hence performing the encryption or decryption in test automation for app passwords, is not a perfect approach. But these are lower environment passwords not for the PROD. Always maintain the token and secrets in the secret key on your test automation machine or part of CI CD pipeline. In CI/CD Pipelines: Jenkins: Use Jenkins Credentials Manager GitHub Actions: Use GitHub Secrets GitLab CI: Use GitLab CI/CD Variables Azure DevOps: Use Variable Groups/Library For Local Development: Environment Variables Local .env files (added to .gitignore) Local secure credential stores
@geethami1186
@geethami1186 4 сағат бұрын
@ thanks so much sir for your quick response. You are amazing⭐️
@vinuthreddy4238
@vinuthreddy4238 2 сағат бұрын
Hi naveen sir I have created hybrid framework with page object model pattern with pytest and bdd framework with page object model.I request to look at both framework tell me that i am in a proper direction.I will share github links for both the projects. tell me that is both projects are per current industry ? Can you please share your mail id?
@technicalthings3741
@technicalthings3741 5 сағат бұрын
Anyone can decrypted password from properties file
@naveenautomationlabs
@naveenautomationlabs 4 сағат бұрын
you can store secret key as environment variables or key manager on the test execution machine or on you local machine. No need to expose it in your code. Without secret key, one can never decrypt the password.
30-Day SDET Technical Interview Preparation Plan | Naveen Automation
25:12
Naveen AutomationLabs
Рет қаралды 24 М.
UFC 310 : Рахмонов VS Мачадо Гэрри
05:00
Setanta Sports UFC
Рет қаралды 1,2 МЛН
Леон киллер и Оля Полякова 😹
00:42
Канал Смеха
Рет қаралды 4,7 МЛН
Что-что Мурсдей говорит? 💭 #симбочка #симба #мурсдей
00:19
How To Handle Permissions Like A Senior Dev
36:39
Web Dev Simplified
Рет қаралды 285 М.
OAuth 2.0 and OpenID Connect (in plain English)
1:02:17
OktaDev
Рет қаралды 1,8 МЛН
Full Stack Java Introduction Class - CVCORP
1:13:00
CVCORP
Рет қаралды 682
6 Steps to Master in Test Automation in 2025
44:40
Naveen AutomationLabs
Рет қаралды 26 М.
What’s my QA Career Path after 8 years?
32:08
Naveen AutomationLabs
Рет қаралды 5 М.
Better Java Streams with Gatherers - JEP Cafe #23
1:13:32
UFC 310 : Рахмонов VS Мачадо Гэрри
05:00
Setanta Sports UFC
Рет қаралды 1,2 МЛН